Leeds Product Release
The Leeds release brings a number of new features and improvements to Smoothwall, along with some changes to how we want to work in the future.
First, let’s look at the major changes. GDPR. This is a phrase on everyone’s lips - at least until next month. There’s no such thing as “GDPR compliant software”, but we want to help you conform to the new laws. To this end, we’ve added functionality to support two new requests: the “subject access request”, and the “right to be forgotten”.
The subject access request tool is available in the reporting system, under the “System” heading - it’s called “extract personal data”. It’s up to you to add all the identifiers someone might have been called by (so we suggest their AD username and their email should both be entered). This will then download a zip file you can pass to a user who’s asked for their own data.
The rest of the GDPR tools support “right to be forgotten”. This allows you to delete a user’s data, permanently. Deleting data is a very expensive operation - particularly for web filtering, as the logs were never designed to be tampered with. As such, it will require a database rebuild (triggered automatically), so should be used with a degree of caution, and preferably with the help of a trained Smoothwall technician. For this reason the tools aren’t in the GUI, but can be accessed via a secure shell connection. In addition to helping with data protection tasks, we’ve also improved security:
- Removed the last vestiges of MD5 hashes (which are no longer considered secure)
- VPN tunnels now support more DH groups and IKEv2 (yes, we know, it’s an interesting life we lead)
- Security updates of almost every underlying software package on the system.
The second major new feature is support for HTTP 1.1. For a long time, the Guardian web filter has bounced connections down to HTTP 1.0 in order to filter them. This has meant that we lose some of the benefits of the more modern protocol, and some services, sites and apps need whitelisting, where you ideally would just let them pass through the policy as normal.
You should notice relatively little difference with the changes here - any improvements in page load speed are likely to be tricky to notice. The long term benefit though is less configuration and fewer exceptions - something we strive to achieve, though it isn’t always easy. There’s a handful of other improvements in Leeds too - the IDex system now scales even better than before, and we support logging of DHCP events with the latest agent to improve accuracy. What’s not to like…?
Finally, let’s talk software releases. Going forward we’re going to try and make smaller improvements more frequently. In the past, we’ve stuck to big releases, which are more subject to delay, and hard to test. So expect smaller releases, available more frequently, and of better quality. Leeds-3, for example will contain a handful of fixes for long-standing issues, and a targeted performance update for Chromebook users.